He said NHS systems in Scotland were expected to be recovered by today and reassured patients with appointments that they should attend as planned.

Eleven health boards as well as NHS National Services and the Scottish Ambulance Service were affected in the unprecedented cyber attack that hit scores of countries on Friday.

The attack affected acute hospital sites in Lanarkshire, as well as GP ­surgeries, dental practices and ­other primary care centres around the country.

Organisations across the globe, including investigators from the UK’s National Crime Agency (NCA), are working to hunt down those responsible for the Wanna Decryptor ransomware, also known as WannaCry.

Mr Matheson said the Scottish Government was liaising closely with the National Cyber Security Centre and NHS Scotland to identify the cause of the attack.

Ministers are to convene an extraordinary meeting of the National Cyber Resilience leaders’ board tomorrow to review the response to the breach.

A “lessons learned” exercise will also take place to help mitigate the risks from further attacks.

The Justice Secretary said: “Friday’s attack has highlighted the need for everyone to have appropriate and robust measures in place to protect against cyber-attacks which could strike any IT system at any time.

“NHS Scotland systems are being recovered, we expect them to have returned to normal by Monday, and it is important to emphasise that there is no evidence that patient data has been compromised.

“Patients who have appointments booked for Monday and beyond should attend as planned.

“However, we must remain particularly vigilant against further incidents and the Scottish Government is taking action to enhance security, including contacting over 120 public bodies to ensure they have appropriate defences in place.

“One of the most common methods of infecting computer systems is through links and attachments in emails.

“Therefore I would urge everyone to think twice before clicking on attachments or links from sources that they don’t know.” The head of Europol, Rob Wainwright, warned the threat from the cyber attack that crippled international services “will continue to grow” as people return to work.

Since Friday’s breach more than 200,000 victims – including the NHS – across 150 countries have been infected by Wanna Decryptor.

Mr Wainwright said the attack was indiscriminate across the private and public sectors.

“At the moment we are in the face of an escalating threat; the numbers are going up. I am worried about how the numbers will continue to grow when people go to work and turn their machines on Monday morning.

“The latest count is over 200,000 victims in at least 150 countries. Many of those will be businesses including large corporations.”

Meanwhile, health authorities are racing to upgrade security software amid fears hackers could exploit the same vulnerability with a new virus.

There have been calls for an inquiry into the circumstances surrounding Friday’s major incident, with the government and NHS chiefs facing questions over their preparedness and the robustness of vital systems.

Mr Wainwright added: “We have been concerned for some time. The healthcare centres in many countries are particularly vulnerable. They are processing a lot of sensitive data.”

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), added to warnings of new attacks, saying: “We have not yet seen Friday’s attack reoccur, there’s been no new wave of attacks. On Monday morning at the start of the new working week we can expect it’s likely that successful attacks from Friday that haven’t yet become apparent will become apparent.

“We can’t say what scale the new cases will occur at but it’s likely there will be some.”

A British cyber whizz was hailed an “accidental hero” after he registered a domain name that unexpectedly stopped the spread of the virus, which exploits a vulnerability in Microsoft Windows software.

The anonymous specialist, known only as MalwareTech, prevented more than 100,000 computers across the globe from being infected.

Yesterday MalwareTech issued a warning that hackers could upgrade the virus to remove the “kill switch”.